pratyush/limnoria-keycloak
1
0
Fork 0
forked from Georg/limnoria-keycloak
Code Pull Requests Activity

IRC<->SSO user opt-in

Browse Source 
Signed-off-by: Georg <georg@lysergic.dev>
This commit is contained in:
Georg Pfuetzenreuter 2021-09-02 19:43:22 +02:00
parent 474d16ba94
commit 31ed2ed1fe
Signed by untrusted user: Georg
GPG Key ID: 1DAF57F49F8E8F22
2 changed files with 69 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
config.py
View File

@ -99,18 +99,28 @@ conf.registerGlobalValue(Keycloak.options, 'emailVerified',
"""
Keycloak: Whether to set newly created users email addresses to having been verified \(true, default\) or not \(false\)
"""
, private=True
))
conf.registerGlobalValue(Keycloak.options, 'firstName',
registry.String('Foo',
"""
Keycloak: What to set as the firstName value for newly created users.
"""
, private=True
))
conf.registerGlobalValue(Keycloak.options, 'lastName',
registry.String('Bar',
"""
Keycloak: What to set as the lastName value for newly created users.
"""
, private=True
))
conf.registerGlobalValue(Keycloak.options, 'ircgroup',
registry.String('',
"""
Keycloak: Group ID for `ircprom`
"""
, private=True
))
# vim:set shiftwidth=4 tabstop=4 expandtab textwidth=79:

59
plugin.py
View File

@ -126,7 +126,66 @@ class Keycloak(callbacks.Plugin):
register = wrap(register, ['anything'])
def ircprom(self, irc, msg, args, option):
"""<status>
true/on = enable authentication to your IRC account with an SSO account going by the same username --
false/off = allow authentication to your IRC account ONLY with internal IRC credentials (NickServ) --
Warning: Enabling this without having an SSO account with the same username as your IRC nickname is a security risk."""
user = msg.nick
server = self.registryValue('backend.server')
realm = self.registryValue('backend.realm')
tokenurl = self.registryValue('backend.token')
usererr = self.registryValue('replies.error')
gid = self.registryValue('options.ircgroup')
try:
tokendl = requests.get(tokenurl)
tokendata = tokendl.json()
token = tokendata['access_token']
url = server + '/auth/admin/realms/' + realm + '/users'
userdata = requests.get(url, params = {'username': user}, headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token})
userresp = userdata.json()
uid = userresp[0]['id']
print(user, uid)
except:
print("ERROR: Keycloak token could not be installed.")
irc.error(usererr)
try:
url = server + '/auth/admin/realms/' + realm + '/users/' + uid + '/groups/' + gid
if option == 'true' or option == 'on' or option == '1':
option = 'enable'
response = requests.put(
url,
headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token})
if option == 'false' or option == 'off' or option == '0':
option == 'disable'
response = requests.delete(
url,
headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token})
if option != 'true' != 'on' != '1' != 'false' != 'off' != '0':
irc.error('Invalid argument.')
else:
print("Keycloak: HTTP Status ", response.status_code)
try:
print("Keycloak: Response Text: ", response.text)
except:
print("Keycloak: No or invalid response text. This is not an error.")
try:
print("Keycloak: Response JSON: ", response.json())
except:
print("Keycloak: No or invalid response JSON. This it not an error.")
status = response.status_code
if status == 204:
print(" SSO user " + user + " is now authorized to authenticate IRC user " + user)
irc.queueMsg(msg=ircmsgs.IrcMsg(command='PRIVMSG', args=(msg.nick, f'{pw}')))
irc.reply("OK, I sent you a private message.")
if status != 204:
print("ERROR: HTTP request did not succeed.")
irc.error(usererr)
except:
print('Operation failed.')
ircprom = wrap(ircprom, ['anything'])
Class = Keycloak